Skip Navigation

iOS
and
macOS
:
Wi-Fi
profile settings

Settings for
iOS
also apply to
iPadOS
devices.
macOS
applies profiles to either user accounts or devices. You can configure a
Wi-Fi
profile to apply to one or the other.
iOS
and
macOS
:
Wi-Fi
profile setting
Description
Apply profile to
This setting specifies whether the
Wi-Fi
profile on a
macOS
device is applied to the user account or the device.
Possible values:
  • User
  • Device
This setting is valid only for
macOS
.
Automatically join network
This setting specifies whether a device can automatically join the
Wi-Fi
network.
Disable MAC randomization
This setting specifies whether devices can randomize their MAC addresses when they join the
Wi-Fi
network. This setting applies only to devices that are running
iOS
and
iPadOS
14 and later.
Associated proxy profile
This setting specifies the associated proxy profile that a device uses to connect to a proxy server when the device is connected to the
Wi-Fi
network.
Network type
This setting specifies a configuration for the
Wi-Fi
network.
Hotspot configurations apply only to
iOS
,
iPadOS
, and
macOS
devices. If you select one of the hotspot options, do not use the same
Wi-Fi
profile to configure settings for other device types.
Possible values:
  • Standard
  • Legacy hotspot
  • Hotspot 2.0
The default value is "Standard."
Displayed operator name
This setting specifies the friendly name of the hotspot operator.
This setting is valid only if the "Network type" setting is set to "Hotspot 2.0."
Domain name
This setting specifies the domain name of the hotspot operator.
This setting is valid only if the "Network type" setting is set to "Hotspot 2.0."
The "SSID" setting is not required when you use this setting.
Roaming consortium OIs
This setting specifies the organization identifiers of roaming consortiums and service providers that are accessible through the hotspot.
This setting is valid only if the "Network type" setting is set to "Hotspot 2.0."
NAI realm names
This setting specifies the NAI realm names that can authenticate a device.
This setting is valid only if the "Network type" setting is set to "Hotspot 2.0."
MCC/MNCs
This setting specifies the MCC/MNC combinations that identify mobile network operators. Each value must contain exactly six digits.
This setting is valid only if the "Network type" setting is set to "Hotspot 2.0."
Allow connecting to roaming partner networks
This setting specifies whether a device can connect to roaming partners for the hotspot.
This setting is valid only if the "Network type" setting is set to "Hotspot 2.0."
Security type
This setting specifies the type of security that the
Wi-Fi
network uses.
If the "Network type" setting is set to "Hotspot 2.0," this setting is set to "
WPA2-Enterprise
."
Possible values:
  • None
  • WEP personal
  • WEP enterprise
  • WPA-Personal
  • WPA-Enterprise
  • WPA2-Personal
  • WPA2-Enterprise
  • WPA3-Personal
  • WPA3-Enterprise
The default value is "None."
WEP key
This setting specifies the WEP key for the
Wi-Fi
network. The WEP key must be 10 or 26 hexadecimal characters (0-9, A-F) or 5 or 13 alphanumeric characters (0-9, A-Z).
Examples of hexadecimal key values are ABCDEF0123 or ABCDEF0123456789ABCDEF0123. Examples of alphanumeric key values are abCD5 or abCDefGHijKL1.
This setting is valid only if the "Security type" setting is set to "WEP personal."
Preshared key
This setting specifies the preshared key for the
Wi-Fi
network.
This setting is valid only if the "Security type" setting is set to "
WPA-Personal
," "
WPA2-Personal
" or "WPA3-Personal."
Protocols
Authentication protocol
This setting specifies the EAP methods that the
Wi-Fi
network supports. You can select multiple EAP methods.
This setting is valid only if the "Security type" setting is set to "WEP enterprise," "
WPA-Enterprise
," "
WPA2-Enterprise
" or "WPA3-Enterprise."
Possible selections:
  • TLS
  • TTLS
  • LEAP
  • PEAP
  • EAP-FAST
  • EAP-SIM
  • EAP-AKA
Inner authentication
This setting specifies the inner authentication method for use with TTLS.
This setting is valid only if the "Authentication protocol" setting is set to "TTLS."
Possible values:
  • None
  • PAP
  • CHAP
  • MS-CHAP
  • MS-CHAPv2
  • EAP
The default value is "MS-CHAPv2."
Use PAC
This setting specifies whether the EAP-FAST method uses a Protected Access Credential.
This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST."
Provision PAC
This setting specifies whether the EAP-FAST method allows PAC provisioning.
This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST" and the "Use PAC" setting is selected.
Provision PAC anonymously
This setting specifies whether the EAP-FAST method allows anonymous PAC provisioning.
This setting is valid only if the "Authentication protocol" setting is set to "EAP-FAST," the "Use PAC" setting is selected, and the "Provision PAC" setting is selected.
Authentication
Outer identity for TTLS, PEAP, and EAP-FAST
This setting specifies the outer identity for a user that is sent in clear text. You can specify an anonymous username to hide the user's real identity (for example, anonymous). The encrypted tunnel is used to send the real username to authenticate with the
Wi-Fi
network. If the outer identity includes the realm name to route the request, it must be the user's actual realm (for example, anonymous@example.com).
This setting is valid only if the "Authentication protocol" setting is set to "TTLS," "PEAP," or "EAP-FAST."
Use password included in
Wi-Fi
profile
This setting specifies whether the
Wi-Fi
profile includes the password for authentication.
This setting is valid only if the "Security type" setting is set to "WEP enterprise," "
WPA-Enterprise
," "
WPA2-Enterprise
" or "WPA3-Enterprise."
Password
This setting specifies the password that a device uses to authenticate with the
Wi-Fi
network.
This setting is valid only if the "Use password included in
Wi-Fi
profile" setting is selected.
Username
This setting specifies the username that a device uses to authenticate with the
Wi-Fi
network. If the profile is for multiple users, you can specify the %UserName% variable.
This setting is valid only if the "Security type" setting is set to "WEP enterprise," "
WPA-Enterprise
," "
WPA2-Enterprise
" or "WPA3-Enterprise."
Authentication type
This setting specifies the type of authentication that a device uses to connect to the
Wi-Fi
network.
This setting is valid only if the "Security type" setting is set to "WEP enterprise," "
WPA-Enterprise
," "
WPA2-Enterprise
" or "WPA3-Enterprise."
Possible values:
  • None
  • Shared certificate
  • SCEP
  • User credential
The default value is "None."
Type of certificate linking
This setting specifies the type of linking for the client certificate associated with the
Wi-Fi
profile.
This setting is valid only if the "Authentication type" setting is set to "Shared certificate."
Possible values:
  • Single reference
  • Variable injection
The default value is "Single reference."
Shared certificate profile
This setting specifies the shared certificate profile with the client certificate that a device uses to authenticate with the
Wi-Fi
network.
This setting is valid only if the "Type of certificate linking" setting is set to "Single reference."
Client certificate name
This setting specifies the name of the client certificate that a device uses to authenticate with the
Wi-Fi
network.
This setting is valid only if the "Type of certificate linking" setting is set to "Variable injection."
Associated SCEP profile
This setting specifies the associated SCEP profile that a device uses to obtain a client certificate to authenticate with the
Wi-Fi
network.
This setting is valid only if the "Authentication type" setting is set to "SCEP."
Associated user credential profile
This setting specifies the associated user credential profile that a device uses to obtain a client certificate to authenticate with the
Wi-Fi
network.
This setting is valid only if the "Authentication type" setting is set to "User credential."
Trust
Certificate common names expected from authentication server
This setting specifies the common names in the certificate that the authentication server sends to the device (for example, *.example.com).
This setting is valid only if the "Security type" setting is set to "WEP enterprise," "
WPA-Enterprise
," "
WPA2-Enterprise
" or "WPA3-Enterprise."
Type of certificate linking
This setting specifies the type of linking for the trusted certificates associated with the
Wi-Fi
profile.
This setting is valid only if the "Security type" setting is set to "WEP enterprise," "
WPA-Enterprise
," "
WPA2-Enterprise
" or "WPA3-Enterprise."
Possible values:
  • Single reference
  • Variable injection
The default value is "Single reference."
CA certificate profiles
This setting specifies the CA certificate profiles with the trusted certificates that a device uses to establish trust with the
Wi-Fi
network.
This setting is valid only if the "Type of certificate linking" setting is set to "Single reference."
Trusted certificate names
This setting specifies the names of the trusted certificates that a device uses to establish trust with the
Wi-Fi
network.
This setting is valid only if the "Type of certificate linking" setting is set to "Variable injection."
Trust user decisions
This setting specifies whether a device prompts the user to trust a server when the chain of trust can't be established. If this setting is not selected, only connections to trusted servers that you specify are allowed.
This setting is valid only if the "Security type" setting is set to "WEP enterprise," "
WPA-Enterprise
," "
WPA2-Enterprise
" or "WPA3-Enterprise."
Bypass captive network
This setting specifies whether devices can bypass captive networks.
Enable QoS marking
This setting specifies whether you can enable L2 and L3 marking for traffic sent through the
Wi-Fi
network.
Use QoS for
FaceTime
calls
This setting specifies whether audio and video traffic for
FaceTime
calls can use L2 and L3 marking.
Use only L2 marking for QoS traffic
This setting specifies whether traffic sent through the
Wi-Fi
network uses only L2 marking.
Apply QoS marking to selected apps
This setting specifies the bundle IDs for apps that can use L2 and L3 marking.